nginx - Unable to for the second site

Time: 2018-02-01 17:45:15

Tags: ssl nginx certbot

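I originally used certbot for the certificate of my first site (default). Everything went smoothly and it has worked great for the past 6 months. Recently I tried adding another site to my server, and the problem appears when I try to certify it. (It works fine over http - using port 80.)

I followed exactly the same steps as when I previously generated the ssl-cert with certbot (changing the names, though), and I did not run into any problems.

But now, when I add the certificate for site2, it redirects to default and shows as not secure in the url-bar. If I try to go to default, it works fine and is still certified.

I'm sure this is a problem with the site2 certificate, but I'm not sure where the problem lies?

My original site "default" is a PHP script. However, the second site "site2" is an HTML script.

default code;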

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name default.com www.default.com;
    return 301 https://www.default.com$request_uri;
}

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include /etc/nginx/snippets/ssl-default.com.conf;
    include /etc/nginx/snippets/ssl-params.conf;

    location ~ /.well-known {
        allow all;
    }

    root /var/www/default.com/site;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name _;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}

site2;

server {
    listen 80;
    listen [::]:80;
    server_name site2.com www.site2.com;
    return 302 https://www.site2.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name _;
    include /etc/nginx/snippets/ssl-site2.com.conf;
    include /etc/nginx/snippets/ssl-params.conf;

    location ~ /.well-known {
        allow all;
    }

    root /var/www/site2.com/;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ /\.ht {
        deny all;
    }
}

sudo nginx -t output;

[warn] "ssl_stapling" ignored, issuer certificate not found
nginx: [warn] conflicting server name "_" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "_" on [::]:443, ignored
nginx: [warn] conflicting server name "default.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.default.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "default.com" on [::]:80, ignored
nginx: [warn] conflicting server name "www.default.com" on [::]:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

params.conf contains;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# disable HSTS header for now
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

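ssl.site2.com.conf has the locations of the privkey and fullchain. (Same format and location as default, just with the names changed..)

*Checking "Not secure" in the url-bar states that site2's certificate was issued to default

1 answer:

Answer 0: (score: 0)

You must not use server_name _ on ssl hosts unless there is only one virtual host. You should set explicit names in every server section.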
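The sketch below is an added example, not code from the question or the answer. It models in simplified form (exact names only, one listen socket) how nginx chooses the server block, and therefore the certificate, for the name a TLS client asks for. The condensed config strings and the helper names `parse_servers`, `conflicts` and `select` are constructed for illustration.

```python
import re

# Constructed, condensed input: only the 443 listen/server_name/certificate
# lines of the two HTTPS blocks from the question (location blocks omitted).
QUESTION = """
server { listen 443 ssl http2 default_server; server_name _;
         include /etc/nginx/snippets/ssl-default.com.conf; }
server { listen 443 ssl http2; server_name _;
         include /etc/nginx/snippets/ssl-site2.com.conf; }
"""
# The same blocks with the explicit names the answer asks for.
FIXED = """
server { listen 443 ssl http2 default_server; server_name default.com www.default.com;
         include /etc/nginx/snippets/ssl-default.com.conf; }
server { listen 443 ssl http2; server_name site2.com www.site2.com;
         include /etc/nginx/snippets/ssl-site2.com.conf; }
"""

def parse_servers(conf):
    """One dict per flat server block: names, default flag, certificate snippet."""
    servers = []
    for body in re.findall(r"server\s*\{([^{}]*)\}", conf):
        listen = re.search(r"listen\s+([^;]+);", body).group(1).split()
        names = re.search(r"server_name\s+([^;]+);", body).group(1).split()
        cert = re.search(r"include\s+([^;\s]+);", body).group(1)
        servers.append({"default": "default_server" in listen,
                        "names": names, "cert": cert})
    return servers

def conflicts(servers):
    """Names declared twice on the same socket; nginx warns and ignores the repeat."""
    seen, dup = set(), []
    for s in servers:
        for n in s["names"]:
            if n in seen:
                dup.append(n)
            seen.add(n)
    return dup

def select(servers, sni):
    """Exact-name match (wildcards and regexes not modelled), else the default server."""
    for s in servers:
        if sni in s["names"]:
            return s
    return next((s for s in servers if s["default"]), servers[0])

if __name__ == "__main__":
    for label, conf in (("question", QUESTION), ("fixed", FIXED)):
        servers = parse_servers(conf)
        print(label, "conflicts:", conflicts(servers))
        for host in ("www.default.com", "www.site2.com"):
            print(" ", host, "->", select(servers, host)["cert"])
```

With the question's config, `www.site2.com` matches no server name, so the request falls through to the `default_server` block and is served default's certificate, which is the mismatch the browser reports.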